You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Tim Wintle (JIRA)" <ji...@apache.org> on 2008/10/27 14:10:44 UTC
[jira] Updated: (SHINDIG-662) Check protocol for proxy requests
[ https://issues.apache.org/jira/browse/SHINDIG-662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Wintle updated SHINDIG-662:
-------------------------------
Attachment: fix_noProtocolCheck_bug.patch
Simple fix to ProxyHandler to check for protocol
> Check protocol for proxy requests
> ---------------------------------
>
> Key: SHINDIG-662
> URL: https://issues.apache.org/jira/browse/SHINDIG-662
> Project: Shindig
> Issue Type: Bug
> Components: Gadget Rendering Server (PHP)
> Environment: Multiple *nix
> Reporter: Tim Wintle
> Attachments: fix_noProtocolCheck_bug.patch
>
> Original Estimate: 0.5h
> Remaining Estimate: 0.5h
>
> ProxyHandler does not check the protocol of requests.
> -> On our development servers, a request to proxy "file://[some big logfile]" successfully tied up the server for 30 seconds of cpu time.
> (The request was not passed back to the client, but this bug opens up a possibility for dos attack)
> Patch submitted simply checks that the requested url includes http, https or ftp protocols if a protocol is specified.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.